[Mimedefang] false positive with filescan
Lucas Albers
admin at cs.montana.edu
Mon Feb 23 12:30:42 EST 2004
Yesterday I had a user complain because a Word doc was marked as
'suspicious' with filescan.
I had the file quarantined, and ran it through with the scan.pl perl
interface to File::Scan and it does not detect any suspicious items on the
scan.
Any idea how I can troubleshoot this?
Do I need to save the raw work directory, when a suspicious item is
detected, so I can determine the exact raw format it is scanning?
Anyone have code to do this?
It is a very strange problem.
It is the first time an item has been marked like this in 90K emails.
I turned off blocking of items marked as suspicious with File::Scan, while
I troubleshoot it.
--
Luke Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana